Login

Synopsis

The remote backup service is affected by multiple vulnerabilities.

Description

The version of IBM Tivoli Storage Manager installed on the remote host is 6.2.x prior to 6.2.6.0. It is, therefore, potentially affected by multiple flaws in its bundled SSL library: - A flaw that could allow a remote attacker to cause a denial of service via a specially crafted 'ClientHello' message. (CVE-2012-2190). - A flaw that could allow a remote attacker to cause a denial of service via a specially crafted value in the TLS Record Layer. (CVE-2012-2191). - A flaw that could allow a remote attacker to perform a statistical timing attack known as 'Lucky Thirteen'. (CVE-2013-0169).

Solution

Upgrade to IBM Tivoli Storage Manager 6.2.6.0, 6.3.4.200 or later or disable SSL.